| CVE-2024-13790 | MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion | ThemeMove | MinimogWP – The High Converting eCommerce WordPress Theme | Critical | 9.8 | 2025-03-19 08:22:00 | Deep Dive |
| CVE-2025-2041 | s-a-zhd Ecommerce-Website-using-PHP shop.php sql injection | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 20:31:04 | Deep Dive |
| CVE-2025-2036 | s-a-zhd Ecommerce-Website-using-PHP details.php sql injection | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 18:31:05 | Deep Dive |
| CVE-2025-2035 | s-a-zhd Ecommerce-Website-using-PHP customer_register.php unrestricted upload | s-a-zhd | Ecommerce-Website-using-PHP | Medium | 6.3 | 2025-03-06 18:00:07 | Deep Dive |
| CVE-2025-1513 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting | contest-gallery | Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | High | 7.2 | 2025-02-28 05:23:15 | Deep Dive |
| CVE-2024-13718 | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later <= 1.2.26 - Cross-Site Request Forgery to Wishlist Creation/Modification | wpdesk | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later | Medium | 4.3 | 2025-02-18 08:21:43 | Deep Dive |
| CVE-2024-13795 | Ecwid by Lightspeed Ecommerce Shopping Cart <= 6.12.27 - Cross-Site Request Forgery to Send Deactivation Message | ecwid | Ecwid by Lightspeed Ecommerce Shopping Cart | Medium | 4.3 | 2025-02-18 07:28:14 | Deep Dive |
| CVE-2024-13120 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13121 | Paid Membership Plugin < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:12 | Deep Dive |
| CVE-2024-13119 | ProfilePress < 4.15.20 - Admin+ Stored XSS | Unknown | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content | Medium | - | 2025-02-13 06:00:06 | Deep Dive |
| CVE-2024-13652 | ECPay Ecommerce for WooCommerce <= 1.1.2411060 - Missing Authorization to Authenticated (Subscriber+) Log Deletion | ecpaytechsupport | ECPay Ecommerce for WooCommerce | Medium | 4.3 | 2025-01-30 13:41:59 | Deep Dive |
| CVE-2024-13696 | Flexible Wishlist for WooCommerce <= 1.2.25 - Unauthenticated Stored Cross-Site Scripting via wishlist_name Parameter | wpdesk | Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later | High | 7.2 | 2025-01-29 07:21:27 | Deep Dive |
| CVE-2024-12043 | Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) <= 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Prime Slider – Addons for Elementor | Medium | 6.4 | 2025-01-23 11:13:27 | Deep Dive |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.4 | 2025-01-18 07:05:09 | Deep Dive |
| CVE-2024-12712 | Shopping Cart & eCommerce Store <= 5.7.8 - Missing Authorization to Order Updates | levelfourstorefront | Shopping Cart & eCommerce Store | Medium | 5.3 | 2025-01-08 09:18:36 | Deep Dive |
| CVE-2024-56023 | WordPress WP eCommerce Quickpay plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | PerfectSolution | WP eCommerce Quickpay | High | 7.1 | 2025-01-02 12:01:12 | Deep Dive |
| CVE-2023-47241 | WordPress CoCart – Headless ecommerce plugin <= 3.11.2 - Broken Access Control vulnerability | CoCart Headless | CoCart – Headless ecommerce | Medium | - | 2025-01-02 12:00:33 | Deep Dive |
| CVE-2023-46631 | WordPress Product Recommendation Quiz for eCommerce plugin <= 2.1.2 - Broken Access Control vulnerability | RevenueHunt | Product Recommendation Quiz for eCommerce | Medium | - | 2025-01-02 12:00:25 | Deep Dive |
| CVE-2024-12875 | Easy Digital Downloads <= 3.3.2 - Authenticated (Admin+) Arbitrary File Download | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | Medium | 4.9 | 2024-12-21 11:22:45 | Deep Dive |
| CVE-2024-12771 | eCommerce Product Catalog Plugin for WordPress <= 3.3.43 - Cross-Site Request Forgery to Password Reset | implecode | eCommerce Product Catalog Plugin for WordPress | High | 8.8 | 2024-12-21 07:02:59 | Deep Dive |